Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/EEl8l4AtofWnhlqjzlYNbnMIqUk.roa
File:                     EEl8l4AtofWnhlqjzlYNbnMIqUk.roa (raw, json)
Hash identifier:          yrfuzDF99uu3RmtyNoGdbAkDz5ICvqQRwN46DLbd/kk=
Subject key identifier:   10:49:7C:97:80:2D:A1:F5:A7:86:5A:A3:CE:56:0D:6E:73:08:A9:49
Certificate issuer:       /CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
Certificate serial:       018CC794E12EF783C9E037155D8890386C2C
Authority key identifier: 32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/EEl8l4AtofWnhlqjzlYNbnMIqUk.roa
Signing time:             Tue 02 Jan 2024 00:31:12 +0000
ROA not before:           Tue 02 Jan 2024 00:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        45.155.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:e1:2e:f7:83:c9:e0:37:15:5d:88:90:38:6c:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32474ac7ca85e09c2d48b33e7bf66f8ed764de0f
        Validity
            Not Before: Jan  2 00:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10497c97802da1f5a7865aa3ce560d6e7308a949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:21:bb:96:8f:6f:95:77:e2:a2:4b:f9:72:55:
                    db:d9:85:9f:57:e7:6d:a2:8f:3a:3b:28:85:38:c8:
                    ed:88:eb:83:15:28:c8:92:0a:09:c0:db:54:4a:1f:
                    85:d8:f6:27:a4:57:4d:d8:9f:66:26:13:5d:8e:83:
                    6d:c3:a1:85:9d:9a:0b:de:07:5a:12:f4:22:4b:44:
                    30:7d:f5:cf:ea:29:58:67:e8:74:3d:8c:fd:ba:db:
                    3e:a1:ad:dc:69:63:13:c1:7c:4f:dc:48:b8:e3:d3:
                    d5:86:7a:1e:ad:f5:b6:5d:99:51:08:bd:8a:67:54:
                    d1:59:69:90:9e:d0:09:25:c9:48:6c:cf:ba:e2:3e:
                    18:00:27:89:79:d9:ca:b9:42:7f:cd:0d:1d:69:57:
                    b8:1b:d8:5b:c4:ae:9b:61:d7:60:57:7d:f4:56:f4:
                    15:0f:69:9d:73:b5:e9:eb:4b:1e:a6:bd:f7:0c:5b:
                    20:97:ff:9b:92:6a:78:40:95:95:73:a8:c5:60:9b:
                    18:45:48:e5:f8:45:dc:55:be:a6:83:c2:a7:e5:1d:
                    af:6a:77:4f:19:d0:ab:99:8b:b8:90:2d:e8:37:cf:
                    86:a7:c1:30:2a:2e:8d:b6:d3:b9:3c:bc:68:5d:70:
                    fc:3f:ff:76:a7:44:e6:2e:40:64:fd:08:c3:aa:23:
                    50:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:49:7C:97:80:2D:A1:F5:A7:86:5A:A3:CE:56:0D:6E:73:08:A9:49
            X509v3 Authority Key Identifier:
                keyid:32:47:4A:C7:CA:85:E0:9C:2D:48:B3:3E:7B:F6:6F:8E:D7:64:DE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/EEl8l4AtofWnhlqjzlYNbnMIqUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/1fd0a6-4517-4a0b-b3c9-12ec22c9c5a2/1/MkdKx8qF4JwtSLM-e_Zvjtdk3g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:7f:54:9a:a9:47:1b:d5:27:0a:68:de:42:45:aa:25:c7:c6:
         fc:98:c6:e4:a3:dd:60:3d:a6:33:d2:5c:ca:a4:4e:b0:7c:f2:
         cf:2f:1c:a0:46:55:2b:06:93:25:90:ce:52:06:50:b4:fc:6b:
         6a:2d:d7:b5:0b:7b:68:6c:da:87:56:29:ec:b6:ee:56:1e:8e:
         5d:39:52:48:f0:d6:07:48:55:95:7b:6c:da:a4:a6:95:f3:8a:
         35:77:df:df:64:2c:5a:a6:2d:df:a6:f7:68:09:08:ab:0a:7d:
         2b:2e:4c:ee:6c:f7:9a:4b:5c:08:bb:d7:b9:b9:82:04:57:e9:
         a9:82:22:9e:b1:f7:98:9b:2a:71:88:02:d6:59:5f:88:b4:1e:
         ab:fd:39:8e:35:58:08:ac:ec:20:52:af:b2:5e:40:eb:6d:9d:
         ec:ed:4b:e4:23:01:12:8c:ba:9d:7c:d1:d4:db:4a:e1:6a:83:
         0f:f6:b6:a3:30:bf:12:86:c4:98:a3:f8:f3:2d:cf:fd:fc:7c:
         23:4d:8e:6b:62:36:f0:8c:18:a3:b1:e6:43:f1:9b:b7:cd:e1:
         b9:ff:1e:2d:8b:bf:cf:68:62:ea:b8:c9:00:b9:f7:e3:b5:16:
         2b:a9:34:6d:10:39:b5:87:d3:93:3f:42:de:fa:5c:51:15:e4:
         8d:a6:0f:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlOEu94PJ4DcVXYiQOGwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNDc0YWM3Y2E4NWUwOWMyZDQ4YjMzZTdiZjY2ZjhlZDc2
NGRlMGYwHhcNMjQwMTAyMDAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDQ5N2M5NzgwMmRhMWY1YTc4NjVhYTNjZTU2MGQ2ZTczMDhhOTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiG7lo9vlXfiokv5clXb2YWfV+dt
oo86OyiFOMjtiOuDFSjIkgoJwNtUSh+F2PYnpFdN2J9mJhNdjoNtw6GFnZoL3gda
EvQiS0QwffXP6ilYZ+h0PYz9uts+oa3caWMTwXxP3Ei449PVhnoerfW2XZlRCL2K
Z1TRWWmQntAJJclIbM+64j4YACeJednKuUJ/zQ0daVe4G9hbxK6bYddgV330VvQV
D2mdc7Xp60sepr33DFsgl/+bkmp4QJWVc6jFYJsYRUjl+EXcVb6mg8Kn5R2vandP
GdCrmYu4kC3oN8+Gp8EwKi6NttO5PLxoXXD8P/92p0TmLkBk/QjDqiNQpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBJfJeALaH1p4Zao85WDW5zCKlJMB8GA1UdIwQY
MBaAFDJHSsfKheCcLUizPnv2b47XZN4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzkt
MTJlYzIyYzljNWEyLzEvRUVsOGw0QXRvZlduaGxxanpsWU5ibk1JcVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8xZmQwYTYtNDUxNy00YTBiLWIzYzktMTJlYzIyYzljNWEy
LzEvTWtkS3g4cUY0Snd0U0xNLWVfWnZqdGRrM2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZtMMA0G
CSqGSIb3DQEBCwUAA4IBAQBpf1SaqUcb1ScKaN5CRaolx8b8mMbko91gPaYz0lzK
pE6wfPLPLxygRlUrBpMlkM5SBlC0/GtqLde1C3tobNqHVinstu5WHo5dOVJI8NYH
SFWVe2zapKaV84o1d9/fZCxapi3fpvdoCQirCn0rLkzubPeaS1wIu9e5uYIEV+mp
giKesfeYmypxiALWWV+ItB6r/TmONVgIrOwgUq+yXkDrbZ3s7UvkIwESjLqdfNHU
20rhaoMP9rajML8ShsSYo/jzLc/9/HwjTY5rYjbwjBijseZD8Zu3zeG5/x4ti7/P
aGLquMkAuffjtRYrqTRtEDm1h9OTP0Le+lxRFeSNpg8s
-----END CERTIFICATE-----